AVG Chrome extension had a huge security hole, patched just in time

AVG just patched a huge security hole that they found in their Chrome add-on before it could become blown out of proportion and used nefariously.

@wesjanson99
Published Tue, Dec 29 2015 6:32 PM CST   |   Updated Tue, Nov 3 2020 12:02 PM CST

One of AVG's Chrome addons, Web TuneUP had a security hole that your could drive a tank into, something that could potentially let websites with malicious code in their CSS take control of your PC, though only in a trivial manner.

AVG Chrome extension had a huge security hole, patched just in time | TweakTown.com

The exploit was originally found by Google, who reported it to AVG to have fixed. The initial fix wasn't quite good enough, so they just pushed out a new fix that seems to solve the issue. That being said, it still seems to be vulnerable to XSS attacks, though that should be fixed soon as well.

One generally thinks that antivirus companies are a bit more scrupulous and careful when designing their applications, but this mistake, and a mostly glaring one, calls to question the type of quality control and examination goes on before things go live. But it's best to fly without any addons, because all addons can potentially be security risks. Browse safe!

Jeff grew up in the Pacific Northwest where he fell in love with gaming and building his own PC’s. He's a huge fan of any genre of gaming from RTS to FPS, but especially favors space-sims. Now he's stepped into the adult world by becoming a professional student looking to break into the IT Security world. When he’s not deep in his studies, he’s deep in a new game, revisiting an old game, or testing the extreme limits of his own PC. He's now a news contributor for TweakTown, looking to bring a unique view on technology and gaming.

Newsletter Subscription

Related Tags

Newsletter Subscription
Latest News
View More News
Latest Reviews
View More Reviews
Latest Articles
View More Articles